Information Governance Policy

Similar documents
Information Governance Policy

Information Governance Policy

Information Governance Policy

Information Governance Policy

Information Governance Policy and Management Framework

IGPr002 - Information Governance Management Framework

INFORMATION GOVERNANCE STRATEGY AND STRATEGIC VISION

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY

NHS Sunderland Clinical Commissioning Group. Information Governance Strategy 2016/17

INFORMATION GOVERNANCE POLICY

Information Governance Management Framework

Information Governance Management Framework

Information governance strategy

Overarching Information Governance Policy

Information Governance Strategy and Management Framework

INFORMATION GOVERNANCE STRATEGY IMPLEMENTATION PLAN

INFORMATION GOVERNANCE POLICY

Information Sharing Policy

INFORMATION GOVERNANCE POLICY

Data Quality Policy

Information Governance Strategic Management Framework

IG01 Information Governance Management Framework

INFORMATION GOVERNANCE STRATEGY

West Kent Clinical Commissioning Group

Business Continuity Policy

INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK POLICY

Information Security Risk Management Programme and Strategy

INFORMATION GOVERNANCE POLICY AND FRAMEWORK

Humber Information Sharing Charter

INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK

INFORMATION GOVERNANCE STRATEGY. Documentation control

Information Governance Policy

Data Protection Policy

Information Security Policy

Information Governance Assurance Framework

LOCATION: Alpha Plus Fostering, Oldham

Humber Information Sharing Charter

Policies, Procedures, Guidelines and Protocols. Document Details

Unit: CPC 420 De-commission services (Commissioning, Procurement and Contracting)

DATA QUALITY POLICY. Version: 1.2. Management and Caldicott Committee. Date approved: 02 February Governance Lead

INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2017/18

This Policy supersedes the following Policy, which must now be destroyed:

Findings from ICO audits of 16 local authorities

Information Asset Management Policy

Internal Audit Charter

This Policy supersedes the following Policy, which must now be destroyed:

INFORMATION GOVERNANCE ASSURANCE FRAMEWORK

Quality & Compliance Manager (Children s Homes & Schools)

Internal Audit Charter

Code of Corporate Governance

Audit Committee Charter

Information Governance Management Framework Version 6 December 2017

Identifies the risk management structure, roles, responsibilities and authority of staff, committees and groups with responsibility for risk

ESSEX POLICE, FIRE AND CRIME COMMISSIONER, FIRE AND RESCUE AUTHORITY

NHS SOUTH DEVON AND TORBAY CLINICAL COMMISSIONING GROUP INFORMATION LIFECYCLE MANAGEMENT POLICY

Date: INFORMATION GOVERNANCE POLICY

Minor adjustments from IG Steering Group 0.3 Neil Taylor September 2013

SOMERSET PARTNERSHIP NHS FOUNDATION TRUST STRENGTHENING GOVERNANCE ARRANGEMENTS. Report to the Trust Board 24 May 2016

Information Assets: Security and Risk Management Policy. Choice, Responsiveness, Integration & Shared Care

Internal Audit Charter. (Board approved 13 April 2012)

Position Description Development Officer Infrastructure Planning

JIMMY CROW LIMITED ABN: NSX Code: JCC

ROLE PROFILE. Date: 30 March 2017 Compiled by: Membership Panel ROLE PURPOSE

Audit and Risk Management Committee Policy Ecosave Holdings Limited ACN

Update on October 2011 IESBA SME/SMP Working Group Report July 2013

Field/Mobile Working Policy

East Riding of Yorkshire Council Data protection audit report. Executive summary March 2014

CLINICAL & PROFESSIONAL SUPERVISION POLICY (replacing 033/Workforce)

Human Resources. Data Protection Policy IMS HRD 012. Version: 1.00

Data Protection Act Policy Statement Status/Version: 0.1 Review Information Classification: Unclassified Effective:

Customer Advocacy. Complaints Management Policy

Records Management Policy

Information Governance Management Framework 2016/17

JOB DESCRIPTION. Line Management responsibility for the Programmes Senior Programme Officers and Programme Officers

RISK MANAGEMENT STRATEGY AND POLICY

Defence Health Governance Structure

Environment Agencies Statement on Radioactive Waste Advisers

Leeds Interagency Protocol for Sharing Information

HEALTH AND SAFETY POLICY

Information Governance Management Framework 2017/18 Reference: IG12

Sandwell Metropolitan Borough Council

Business Continuity. Example Policy. Author: A Heathcote Date: 24/05/2017 Version: 1.0

Risk Management Policy

ENERGY QUEENSLAND LIMITED INTERNAL AUDIT CHARTER. [April 2017]

Contractor Representative / Project Director The Kiribati Facility - Short Term Adviser

Information Governance Strategic Management Framework (Including Policy and Strategy)

Records management policy. Document author Assured by Review cycle. Audit and Risk Committee. 1. Introduction Purpose or aim Scope...

Initiative: Information Governance Management

WILTSHIRE POLICE FORCE POLICY

Procurement Strategy

Auditing of Swedish Enterprises and Organisations

APB ETHICAL STANDARD 3 (REVISED) LONG ASSOCIATION WITH THE AUDIT ENGAGEMENT

POSITION DESCRIPTION DIRECTOR TECHNICAL & DEVELOPMENT SERVICES MANAGER ENGINEERING AND OPERATIONS

United Lincolnshire Hospitals NHS Trust. Governance Statement 2015/16. Scope of responsibility. The governance framework of the organisation

Charter. Audit and Risk Management Committee Charter. 1 Introduction. 2 Purpose. 3 Authority. 4 Organisation. 4.1 Membership

HAWKE S BAY REGIONAL COUNCIL

Corporate Governance Statement John Bridgeman Limited

MOBILE AND REMOTE WORKING POLICY

Transcription:

Information Governance Policy Applicable to All employees Version1.0 Last Updated March 2014

CONFIDENTIAL Page 2 of 6 Contents 1. Objectives 3 2. Scope 3 3. Principles 3 4. Information Governance Policy 4 4.1 Sefton CVS Commitment 4 4.2 Openness 4 4.3 Legal Compliance 4 4.4 Information Security 5 4.5 Information Quality Assurance 5 5. Assessment and Monitoring 5 6. Responsibilities and Approvals 6 6.1 Sefton CVS Board 6 6.2 The Senior Information Risk Owner (SIRO) 6 6.3 The Caldicott Guardian 6 6.4 Information Governance Lead 6 6.5 All Employees 6 Version Control and Ownership Original Version Published: March 2014 This Version number: V1 Date Approved by Board: 19/3/14 Date Reviewed: Policy Owner: Ann Cartwright Sefton CVS - Information Governance Policy Page 2

CONFIDENTIAL Page 3 of 6 1. Objectives Sefton CVS considers information to be a vital asset in terms of the efficient management of services and resources, playing a key part in providing information, governance, service planning and performance management. It is therefore of paramount importance to ensure that information is efficiently managed and that appropriate policies, procedures and management accountability provide a robust governance framework for information management. 2. Scope This policy covers all aspects of information within the organisation, including (but not limited to): Client/Service User information Personnel information Organisational information This policy covers all aspects of handling information, including (but not limited to): Structured record systems paper and electronic Transfer of information e-mail, post, fax and telephone This policy covers all information systems purchased, developed and managed by/or on behalf of Sefton CVS and any individual directly employed or otherwise by the organisation. 3. Principles The organisation recognises the need for an appropriate balance between openness and confidentiality in the management and use of information. The organisation fully supports the principles of corporate governance, but equally places importance on the confidentiality of, and the security arrangements to safeguard, both personal information about clients / staff and commercially sensitive information. The organisation also recognises the need to share client information with other partner organisations and agencies in a controlled manner, consistent with the interests of the client and, in some circumstances, the public interest. The organisation believes that accurate, timely and relevant information is essential to deliver and support the highest quality service provision. As such it is the responsibility of all staff to ensure and promote the quality of information and to actively use information in decision-making processes. Sefton CVS - Information Governance Policy Page 3

CONFIDENTIAL Page 4 of 6 4. Information Governance Policy 4.1 Sefton CVS Commitment 4.1.1 All legislative, contractual, regulatory requirements and national policy will be met 4.1.2 Business Continuity Plans will be produced, maintained and tested 4.1.3 Appropriate operational procedures exist to support this Policy 4.1.4 Appropriate training will be offered to relevant staff 4.2 Openness 4.2.1 Non-confidential information on the organisation and its services should be available to the public through a variety of media 4.2.2 The organisation will undertake or commission annual assessments and audits of its policies and arrangements for openness 4.2.3 Clients should have ready access to information relating to them in line with their rights as clients 4.2.4 The organisation will have clear procedures and arrangements for liaison with the press and broadcasting media 4.2.5 The organisation will have clear procedures and arrangements for handling queries from clients and the public 4.3 Legal Compliance 4.3.1 The organisation regards all identifiable personal information relating to clients as confidential 4.3.2 The organisation will undertake or commission annual assessments and audits of its compliance with legal requirements 4.3.3 The organisation regards all identifiable personal information relating to staff as confidential except where national policy on accountability and openness requires otherwise 4.3.4 The organisation will establish and maintain policies to ensure compliance with the Data Protection Act, Human Rights Act and the Common Law Duty of Confidentiality 4.3.5 The organisation will establish and maintain policies for the controlled and appropriate sharing of client information with other agencies, taking account of relevant legislation (e.g. Health and Social Care Act, Crime and Disorder Act, Protection of Children Act) 4.4 Information Security Sefton CVS - Information Governance Policy Page 4

CONFIDENTIAL Page 5 of 6 4.4.1 The organisation will establish and maintain policies and procedures for the effective and secure management of its information assets and resources 4.4.2 The organisation will protect its information assets from all threats, whether internal or external, deliberate or accidental 4.4.3 The organisation will undertake or commission annual audits/ assessments of its information and IT security arrangements 4.4.4 The organisation will promote effective confidentiality and security practice to its staff through policies, procedures and training 4.4.5 The organisation will establish and maintain incident reporting procedures and will monitor and investigate all reported instances of actual or potential breaches of confidentiality and security 4.5 Information Quality Assurance 4.5.1 The organisation will establish and maintain procedures for information quality assurance and the effective management of records 4.5.2 The organisation will undertake or commission regular assessments and audits of its information quality and records management arrangements 4.5.3 Managers are expected to take ownership of, and seek to improve, the quality of information within their services 4.5.4 Wherever possible, information quality should be assured at the point of collection 4.5.5 The organisation will promote information quality and effective records management 5. Assessment and Monitoring 5.1 An assessment of compliance with requirements within the Information Governance Toolkit (IGT) will be undertaken each year. The requirements are grouped into the following initiatives: Confidentiality and Data Protection Assurance Information Governance Management Information Security Assurance 5.2 Summary reports and proposed action/development plans will be produced annually. The Board, or nominated committee, will sign off the IGT score before submission. 6. Responsibilities and Approvals Sefton CVS - Information Governance Policy Page 5

CONFIDENTIAL Page 6 of 6 6.1 Sefton CVS Board The Board has ultimate responsibility for the implementation of the provisions of this policy; they are responsible for the management of the organisation and for ensuring that the appropriate mechanisms are in place to support service delivery and continuity. The organisation has a particular responsibility for ensuring that it corporately meets its legal responsibilities, and for the adoption of and compliance with internal and external governance requirements 6.2 The Senior Information Risk Owner (SIRO) The SIRO takes overall ownership of the organisations Information Risk Policy, they will act as champion for information risk on the Board and provide advice regarding information risk and the effectiveness of information risk management. 6.3 The Caldicott Guardian The Caldicott Guardian will take a lead on Confidentiality issues ensuring that the organisation satisfies the highest practical standards for handling client identifiable information; they will act as the conscience of the organisation and will also facilitate and enable information sharing and advise on options for lawful and ethical processing of information; they will represent and champion Information Governance requirements and issues at Board level; ensure that confidentiality issues are appropriately reflected in organisational strategies, policies and working procedures for staff; and oversee all arrangements, protocols and procedures where confidential client information may be shared with external bodies. 6.4 Information Governance Lead The Information Governance Lead is responsible for providing specialist advice and support on all aspects of Information Governance. They are also responsible for reviewing the policy and ensuring it is updated in line with any changes to national guidance or local policy. They will maintain an awareness of information governance issues within the organisation; 6.5 All Employees All employees are responsible for: Ensuring compliance with this policy Seeking advice, assistance and training where required Sefton CVS - Information Governance Policy Page 6

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback